WHAT ARE YOU LOOKING FOR?

Popular Tags

Ubuntu Security Notice USN-6142-1 ≈ Packet Storm

Alertes Affichages : 192
Ubuntu Security Notice USN-6142-1 ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

Ubuntu Security Notice USN-6142-1[6]
Authored by Ubuntu[7] | Site security.ubuntu.com[8]

Ubuntu Security Notice 6142-1 - Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

systems | linux[9], ubuntu[10]
advisories | CVE-2020-11080[11]
SHA-256 | 8db0cfa1ab9c208a5c6578a0215c4766c126c7705ad9c0c431e5eb80778831e7
Download[12] | Favorite[13] | View[14]

Change Mirror[15] Download[16]

        ==========================================================================
Ubuntu Security Notice USN-6142-1
June 06, 2023
nghttp2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
nghttp2 could be made to crash if it opened a specially crafted file.
Software Description:
- nghttp2: HTTP/2 C Library and tools
Details:
Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libnghttp2-14                   1.40.0-1ubuntu0.1
libnghttp2-dev                  1.40.0-1ubuntu0.1
nghttp2                         1.40.0-1ubuntu0.1
nghttp2-client                  1.40.0-1ubuntu0.1
nghttp2-proxy                   1.40.0-1ubuntu0.1
nghttp2-server                  1.40.0-1ubuntu0.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libnghttp2-14                   1.30.0-1ubuntu1+esm1
libnghttp2-dev                  1.30.0-1ubuntu1+esm1
nghttp2                         1.30.0-1ubuntu1+esm1
nghttp2-client                  1.30.0-1ubuntu1+esm1
nghttp2-proxy                   1.30.0-1ubuntu1+esm1
nghttp2-server                  1.30.0-1ubuntu1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libnghttp2-14                   1.7.1-1ubuntu0.1~esm1
libnghttp2-dev                  1.7.1-1ubuntu0.1~esm1
nghttp2                         1.7.1-1ubuntu0.1~esm1
nghttp2-client                  1.7.1-1ubuntu0.1~esm1
nghttp2-proxy                   1.7.1-1ubuntu0.1~esm1
nghttp2-server                  1.7.1-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6142-1
CVE-2020-11080
Package Information:
https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.1

Login[17] or Register[18] to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month[113]
News Tags[114]
Files by Month[115]
File Tags[116]
File Directory[117]
About Us
History & Purpose[118]
Contact Information[119]
Terms of Service[120]
Privacy Statement[121]
Copyright Information[122]
Services
Security Services[123]
Hosting By
Rokasec[124]
close

Read more

Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About